What is HIPAA Compliancy?
HIPAA non-compliance can result in fines, civil and criminal penalties, damages, and loss of reputation. Recent fines and damages have run from $400,000 to $4.8M and are rising. Read the White Papers below for more information.
We would like to tell you a story about a respected healthcare company. The company worked diligently with its employees and third-party business partners to maintain industry compliance. HIPAA regulations dictate that any third-party partner or associate handling protected data of the healthcare organization must agree to have documented policies in place to ensure the partner or associate will keep safe all protected information belonging to the healthcare company. This agreement must be recorded and ratified by a business associate agreement (BAA) between the parties.
Our healthcare company had every intention of following all HIPAA requirements and believed it was doing so.
In July of 2011, a laptop belonging to one of its associates was stolen. The laptop contained personal health information for thousands of patients. As a responsible and ethical organization, our healthcare company reported the potential breach to the Department of Health and Human Services (HHS). An HHS investigation determined the healthcare organization had failed to properly contract with the associate. The company and associate were in the process of finalizing the BAA, so it had not been in place at the time of the breach. The company and associate had been conducting business together without a signed BAA in place. HHS found that no promise between the parties to keep protected information safe existed, and the company was fined $1.5 million.
Given the complexities of HIPAA compliance, finding secure, reliable and cost-effective environments to process and safeguard health information is essential to reducing risk. The right cloud and hybrid environments to address and meet HIPAA compliance needs exist today.
Level 5 has been guiding our clients through the process of identifying and engaging the right cloud and hybrid infrastructure solutions since 2009. Included with this article are links to further information on this topic.
Ensuring that companies are fully HIPAA-compliant is one of the most important concerns in today’s business environment. We offer a comprehensive range of HIPAA consulting services that meet the most stringent regulatory standards. With our proven expertise in every aspect of HIPAA, we can help medical service providers address the needs of their clients, while contributing to the uplifting of the industry.
HIPAA, or the Health Insurance Portability and Accountability Act, is a set of standards by which sensitive patient data is protected. The law applies to any organization or entity that is involved in the recording, handling, and/or maintenance of protected health information (PHI). Under the guidelines established by HIPAA, all such entities will have to ensure that the prescribed security measures are in place, whether with regard to the physical data itself, the network in which it is stored or accessed, or the processes by which it is accessed and shared.
Our clientele comprises a wide range of companies and organizations in the medical and healthcare services industries. We essentially provide our world-class HIPAA consulting services to covered entities (CE), which refers to companies or organizations that provide treatment, payment and operations services in the healthcare sector. We also provide consultancy services to business associates (BA), and anyone who has access to confidential patient information, or those who provide support services in those areas.
Our services are geared toward helping organizations of all sizes and scopes of operation address specific concerns related to the saving, accessing, and sharing of patient information. We aid companies in the development of physical, administrative, and technical solutions that will enable them to safeguard this sensitive data more effectively. By providing proven solutions for limiting facility control and access, we can help companies comply with HIPAA requirements, while ensuring their continued ability to provide essential care services to their patients.
With the passage of the supplemental Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, we recognized the growing need for quality HIPAA consulting services. More than 6 years on, we remain just as committed to helping medical care organizations achieve full HIPAA compliance.